Kolusion K via Postfix-users:
Yesterday you sent a tcpdump trace where Postfix fails to make a
connection from 192.168.2.2:

    23:11:38.333669 IP 192.168.2.2.40415 > 47.246.137.47.smtp: Flags
    [S], seq 3300139944, win 65280, options [mss 1360,sackOK,TS val
    912086021 ecr 0,nop,wscale 7], length 0

Today you claim that Postfix does NOT USE THAT IP ADDRESS.  

    I have specified Postfix to use a certain interface in 'main.cf': 

    inet_interfaces = 192.168.2.2 

    The problem is, Postfix is not using this interface and is
    instead using another interface to send e-mail.

In fact it does use the IP address, but there is no route from
192.168.2.2 to the remote destination.

According to the inet_interfaces manpage, EMPHASIS ADDED FOR CLARITY:

       When  inet_interfaces  specifies just one IPv4 and/or IPv6 address that
       is not a loopback address, the Postfix SMTP client will use this address
       as the IP source address for outbound mail. Support for IPv6 is
       available in Postfix version 2.2 and later.

       On a multi-homed firewall with separate Postfix instances listening  on
       the  "inside"  and "outside" interfaces, THIS CAN PREVENT EACH INSTANCE
       FROM BEING ABLE TO REACH REMOTE SMTP SERVERS ON THE "OTHER SIDE" OF THE
       FIREWALL.  Setting  smtp_bind_address  to  0.0.0.0 avoids the potential
       problem for IPv4, and setting smtp_bind_address6 to :: solves the prob-
       lem for IPv6.

       A better solution for multi-homed firewalls is to leave inet_interfaces
       at the default value and instead use explicit IP addresses in the  mas-
       ter.cf  SMTP  server  definitions.   This  preserves  the  Postfix SMTP
       client's loop detection, by ensuring that each  side  of  the  firewall
       knows  that  the  other  IP  address  is  still  the same host. Setting
       $inet_interfaces to a single IPv4 and/or IPV6 address is primarily use-
       ful  with  virtual  hosting  of domains on secondary IP addresses, when
       each IP address serves a different domain (and has a different $myhost-
       name setting).

Your complex network configuration makes it a multi-homed host, and it is
subject to the same problems as described above.

        Wietse
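
Added example, not part of the original message and not Postfix code: a small Python check that reads main.cf text and reports whether the manpage rule quoted above will pin the SMTP client to a source address. The function names are hypothetical, the rule is read as applying per address family, and `$name` expansion and hostname resolution are not handled.

```python
import ipaddress
import re

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last definition wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and name:         # leading whitespace continues a value
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def implicit_source_addresses(params):
    """Return {ip_version: address} the SMTP client is implicitly pinned to.

    Returns None when inet_interfaces holds anything but literal addresses
    ("all", "loopback-only", hostnames), which this sketch does not resolve.
    """
    value = params.get("inet_interfaces", "all")
    by_version = {4: [], 6: []}
    for token in filter(None, re.split(r"[,\s]+", value)):
        try:
            addr = ipaddress.ip_address(token.strip("[]"))
        except ValueError:
            return None
        by_version[addr.version].append(addr)
    override = {4: "smtp_bind_address", 6: "smtp_bind_address6"}
    pinned = {}
    for version, addrs in by_version.items():
        # The rule applies only to exactly one, non-loopback address per family,
        # and only when no explicit bind address overrides it.
        if (len(addrs) == 1 and not addrs[0].is_loopback
                and not params.get(override[version])):
            pinned[version] = str(addrs[0])
    return pinned

if __name__ == "__main__":
    # Constructed samples; 192.168.2.2 is the setting quoted in the thread.
    reported = "inet_interfaces = 192.168.2.2\n"
    relaxed = reported + "smtp_bind_address = 0.0.0.0\n"
    for label, text in (("reported", reported), ("with 0.0.0.0", relaxed)):
        print(label, implicit_source_addresses(parse_main_cf(text)))
```

A non-empty result means outbound connections leave with that source address, so the host needs a working route from it to remote SMTP servers.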